10.5: Use the built-in firewall to block web sharing
Dec 07, '07 07:30:06AM • Contributed by: Anonymous
Leopard's built-in firewall is great, but as soon as you use web sharing (e.g., for local testing), the web server is added to the firewall's allow list (under "Set access for specific services and applications").
But it's easy to change that, and to block any incoming connection to your local web server from outside your Mac:
- In the Finder (Go » Go to Folder...), go to folder /usr/sbin and locate the file httpd
- Open System Preferences » Security » Firewall, and select the "Set access for specific services and applications" option.
- Click on the "+" button at the bottom of the list, then drag the file httpd from /usr/sbin in the Finder to the Open dialog, then click Add (Validate).
- In the list of services, locate httpd, then select "Block incoming connections" in the popup menu.
[robg adds: A commenter on the queue site notes that you can make these changes in the Apache and MySQL config files instead. In Apache's config file (/etc/apache2/httpd.conf), change Listen 80 to Listen 127.0.0.1:80. For MySQL, find the my.cnf file (usually in /etc or /usr/local/etc), and look for the [mysqld] section of the file. Add either bind-address=127.0.0.1 or the more-restrictive skip-networking option to this file. Apparently skip-networking will still allow local connections via Unix socket, not TCP. The difference with this method is that you don't even need to use the built-in firewall.]
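A quick way to confirm the config-file approach took effect, as an added example that is not part of the original hint: the script below reports any Apache Listen directive that is not bound to loopback and checks whether the [mysqld] section carries bind-address or skip-networking. The function names and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag services that still accept connections from the network.

# Print each Apache Listen directive that is not bound to loopback.
# Returns 0 when every listener is loopback-only, 1 otherwise.
apache_exposed_listeners() {
    awk '
        /^[ \t]*#/ { next }                       # comment line
        tolower($1) == "listen" {
            # "Listen 80" has no address, so it binds every interface
            if ($2 ~ /^127\.[0-9.]+:[0-9]+$/ || $2 ~ /^\[::1\]:[0-9]+$/) next
            print FILENAME ":" FNR ": " $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Returns 0 when the [mysqld] section binds to loopback or disables TCP.
mysql_is_local_only() {
    awk '
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec {
            line = $0; gsub(/[ \t]/, "", line)
            if (line ~ /^skip[-_]networking$/) skip = 1
            else if (line ~ /^bind[-_]address=/) {
                sub(/^[^=]*=/, "", line)          # keep only the value; last one wins
                bound = (line == "127.0.0.1" || line == "::1" || line == "localhost")
            }
        }
        END { exit ((skip || bound) ? 0 : 1) }
    ' "$1"
}

# Constructed sample configs, not taken from a real system.
demo=$(mktemp -d)
printf 'Listen 80\nListen 127.0.0.1:8080\n' > "$demo/httpd.conf"
printf '[client]\nport=3306\n[mysqld]\nbind-address=127.0.0.1\n' > "$demo/my.cnf"
apache_exposed_listeners "$demo/httpd.conf" || echo "Apache: reachable from the network"
mysql_is_local_only "$demo/my.cnf" && echo "MySQL: local only"
rm -rf "$demo"
```

Point the two functions at /etc/apache2/httpd.conf and your my.cnf after editing them, and restart the services so the new bindings take effect.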
